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DETAILED ACTION 

1 . This is in response to the amendment filed on November 28 th , 2007. Claims 1 , 2 and 1 0 
have been amended; Claims 1-15 re pending and have been considered below. 

Specification 

2. In light to the amendment to the abstract, the objection to specification has been 
withdrawn. 

Response to Arguments 

3. Applicant's arguments filed November 28 th , 2007 have been fully considered but they are 
not persuasive. 

Applicant argue on page 5 to 6, that "On the other hand, Collins specifically discloses that 
encryption processes are not preferred for the combination process 504 (see col. 9, lines 23-30), 
and in any case, does no disclose or suggest to first apply a hash function and then encrypt the 
result, as required by amended independent claims 1, 2 and 10, and claims 3-9 and 11-15 
dependent therefrom". The examiner respectfully disagree and submits that Collin teaches that 
"the first authentication code is generated by first applying a one-way function to the at least part 
of the first message and at least one identifier and then encrypting the result" see (column 1, lines 
55-62; column 2, lines 34-42; column 3 lines 15-22; column 5, line 57 to column 6 line 4; 
column 9, lines 15-40; Fig. 5). Collins specifically discloses that the used of non-reversible 
combination process (such as SHA-1 or MD5) is preferred to encryption (emphasis added). 
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Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

5. Claims 1-1 5 are rejected under 35 U.S.C. 102(e) as being anticipated by Collins (US 
7095855). 

Claim 1 : Collins discloses a message a method of generating and sending a message from a first 
entity, the method including the steps of: 

a. Determining a message including an action (column 1 , line 49-55, column 6, lines 

4-36); 

b. Generating an authentication code on the basis of the action (application) and a 
parameter (application identifier) by first applying a one-way function to the action and 
parameter and then encrypting the result, the parameter being indicative of an attribute of 
the action the (The message unique value 502 is combined with the secret value 400 in 
combination process 504 to form a secret message unique value 506. The secret message 
unique value 506 is substantially unique to the particular message, device and 
application. The combination process 504 can be implemented using the symmetric 
encryption based one way functions used in the financial industry, and/or hash functions 
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such as SHA-1 and MD5) (column 1, lines 55-62; column 2, lines 34-42; column 3 lines 
15-22; column 5, line 57 to column 6 line 4; column 9, lines 15-40; Fig. 2, Fig. 5, Fig.4); 
and 

c. Sending the message and authentication code from the first entity (to form a 
secure message for transmission) (column 1 lines 63-67). 

Claim 2: Collins discloses a message a method of generating and sending a message from a first 
entity, the method including the steps of: 

a. Determining a message including an action (column 1, line 49-55, column 6, lines 
4-36); 

b. Generating an authentication code on the basis of the action (application) and a 
parameter (device identifier) by first applying a one-way function to the action and 
parameter and then encrypting the result, the parameter being based on the identifier (The 
message unique value 502 is combined with the secret value 400 in combination process 
504 to form a secret message unique value 506. The secret message unique value 506 is 
substantially unique to the particular message, device and application. The combination 
process 504 can be implemented using the symmetric encryption based one way 
functions used in the financial industry, and/or hash functions such as SHA-1 and MD5) 
(column 1, lines 55-62; column 2, lines 34-42; column 3 lines 15-22; column 5, line 57 to 
column 6 line 4; column 9, lines 15-40; Fig. 5); and 

c. Sending the message and authentication code from the first entity (to form a 
secure message for transmission) (column 1 lines 63-67). 
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Claims 3/1, 3/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 1 and 2 above, and further discloses that the action (application) is a 
function, and the parameter (application identifier) is indicative of the function (each 
communication type is associated with a particular application in the issuer device and a 
corresponding application in the holder device) (column 5 line 57 to column 6 line 4). 

Claims 4/1 , 4/2: C ollins discloses a message a method of generating and sending a message from 
a first entity as in claims 3/1 and 3/2 above, and further discloses that 

the entity is capable of generating messages for each of a plurality of types of function, and the 
parameter is indicative of the type of function comprised by the message that is sent (the 
corresponding applications 206 and 208 are assigned application identity values 406 and 414, to 
permit identification of an application or purpose for a particular message) (column 7 line 19 to 
column 8 line 4; Fig 2; Table 1). 

Claims 5/1, 5/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 3/1 and 3/2 above, and further discloses that the message includes one 
or more operands of the function (column 7 line 19 to column 8 line 4; Fig 2; Table 1). 

Claims 6/1, 6/2: C ollins discloses a message a method of generating and sending a message from 
a first entity as in claims 5/1 and 5/2 above, and further discloses that the function is a read 
function and the one or more operands include an address to be read (From a practical 
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perspective, secure communications between the user 1034 and the banking service 1032, are 
used for transactions ranging from initial log on and password hand shaking between the banking 
service 1032 and the user 1034, through to other banking transactions such as reading an account 
balance, transferring funds and so on)(column 12, lines 20-45). 

Claims 7/1, 7/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 5/1 and 5/2 above, and further discloses that the function is a write 
function and the one or more operands include data to be written (column 7, lines 37-45). 

Claims 8/1, 8/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 4/1 and 4/2 above, and further discloses that the types of function 
include at least a read and a write, wherein the authentication step produces a different 
authentication code depending upon whether the action is a read or a write (column 7 line 19 to 
column 8 line 4). 

Claims 9/1, 9/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 4/1 and 4/2 above, and further discloses that the authentication step 
produces includes authentication codes (this process can be selected appropriately to provide 
symmetric key encryption for confidentiality, or for providing a message integrity mechanism, 
such as message authentication code or keyed hash function or simply as a secret one time value 
within a higher level protocol) (column 9, lines 30-40). 
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Claim 10: Collins discloses a method of generating a first authentication code for a first message 
for a first function, wherein operands for the first authentication function used to generate the 
first authentication code include at least part of the first message and at least one identifier 
associated with the first function the first authentication code is generated by first applying a 
one-way function to the at least part of the first message and at least one identifier and then 
encrypting the result (The message unique value 502 is combined with the secret value 400 in 
combination process 504 to form a secret message unique value 506. The secret message unique 
value 506 is substantially unique to the particular message, device and application. The 
combination process 504 can be implemented using the symmetric encryption based one way 
functions used in the financial industry, and/or hash functions such as SHA-1 and MD5) (column 

I, lines 55-62; column 2, lines 34-42; column 3 lines 15-22; column 5, line 57 to column 6 line 
4; column 9, lines 15-40; Fig. 2, Fig. 5, Fig.4). 

Claim 1 1 : Collins discloses a method of generating authentication code as in claim 10 above, 
and further discloses a steps of verifying the authentication code in accordance with the at least 
one identifier associated with the first function If the encoding process 602 (see FIG. 6) 
implemented a message integrity mechanism such as a MAC or keyed hash function, then the 
decoding process 900 verifies the integrity of the secret message block 604 against message 
corruption or tampering, using MAC or keyed hash techniques, or both, as applicable) (column 

II, lines 25-40). 



Claim 12: Collins discloses a method of generating authentication code as in claim 10 above, 
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and further discloses that the identifier is indicative of a type of the function (the corresponding 
applications 206 and 208 are assigned application identity values 406 and 414, to permit 
identification of an application or purpose for a particular message) (column 7 line 19 to column 
8 line 4; Fig 2; Table 1). 

Claims 13, 14: Collins discloses a method of generating authentication code as in claims 10 and 
12 above, and further discloses that the at least one identifier is indicative of the entity generating 
the authentication code (addition, the authentication information can be used as a basis for 
establishing the origin, destination, sequence and timing of messages) (column 6, lines 14-35). 

Claim 15: Collins discloses a method of generating authentication code as in claim 14above, and 
further discloses that prior to generating the authentication code, of receiving a request from the 
entity for the first message, the request including information indicative of an identity of the 
entity (as a prerequisite to answering the request, a reliable indication that the information 
request has originated from a device and/or application which is known to, and authorized by, 
the information provider)(column 6, lines 1-35). 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
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MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

7. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Fatoumata Traore whose telephone number is (571) 270-1685. The 
examiner can normally be reached Monday through Thursday from 7:00 a.m. to 4:00 p.m. and 
every other Friday from 7:30 a.m. to 3:30 p.m. 



examiner's supervisor, Nassar G. Moazzami, can be reached on (571) 272 4195. The fax phone 
number for Formal or Official faxes to Technology Center 2100 is (571) 273-8300. Draft or 
Informal faxes, which will not be entered in the application, may be submitted directly to the 
examiner at (571) 270-2685. 



or proceeding should be directed to the Group Receptionist whose telephone number is (571) 
272-2100. 



If attempts to reach the examiner by telephone are unsuccessful, the 



Any inquiry of a general nature or relating to the status of this application 



FT 

Wednesday, February 6tth, 2008 



Nassar G. Moazzami 
Supervisory Patent Examiner 




